
The vCenter STS service must be configured to limit data exposure between applications.


Overview

Finding ID: V-258979
Version: VCST-80-000057
Rule ID: SV-258979r934595_rule
IA Controls: (none listed)
Severity: Medium
Description
If RECYCLE_FACADES is true or if a security manager is in use, a new facade object will be created for each request. This reduces the chances that a bug in an application might expose data from one request to another.
STIG Date
VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide 2023-10-29

Details

Check Text (C-62719r934593_chk)
At the command line, run the following command:

# grep RECYCLE_FACADES /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties

Example result:

org.apache.catalina.connector.RECYCLE_FACADES=true

If "org.apache.catalina.connector.RECYCLE_FACADES" is not set to "true", this is a finding.

If the "org.apache.catalina.connector.RECYCLE_FACADES" setting does not exist, this is not a finding.
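
The check logic above as a script, added here as an example and not part of the STIG: it evaluates the effective value of the setting rather than raw grep output, so commented-out lines and duplicate assignments do not mislead the result. The function names are hypothetical, and the sample file at the end is constructed.

```shell
#!/bin/sh
KEY='org.apache.catalina.connector.RECYCLE_FACADES'

# Print the effective value of KEY from a Java properties file.
# Comment lines (# or !) are skipped and the last assignment wins, as in
# java.util.Properties. Trailing whitespace is kept as part of the value,
# so "true " is not the same as "true". Exit status 1: key not set.
# Simplification: only "=" and ":" separators are recognised.
recycle_facades_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/\r$/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next   # a longer key name, not ours
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            val = rest; found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Apply the check text: "true" or absent passes, any other value is a finding.
# Returns 0 = not a finding, 1 = finding, 2 = file could not be read.
recycle_facades_check() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1" >&2; return 2; }
    if val=$(recycle_facades_value "$1"); then
        if [ "$val" = "true" ]; then
            echo "NOT_A_FINDING: set to true"; return 0
        fi
        echo "FINDING: set to \"$val\""; return 1
    fi
    echo "NOT_A_FINDING: setting absent"; return 0
}

# Constructed sample, not taken from a real appliance: a commented-out "true"
# above a live "false". A bare grep prints both lines; the check must fail.
demo=$(mktemp)
printf '%s\n' "# $KEY=true" "$KEY=false" > "$demo"
recycle_facades_check "$demo" || true
rm -f "$demo"
```

On the appliance, call recycle_facades_check with /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties as its argument and use the return status in a compliance script.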
Fix Text (F-62628r934594_fix)
Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties

Update or remove the following line:

org.apache.catalina.connector.RECYCLE_FACADES=true

Restart the service with the following command:

# vmon-cli --restart sts